From owner-freebsd-questions  Mon Jul 30  8:43:47 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from void.xpert.com (xpert.com [199.203.132.1])
	by hub.freebsd.org (Postfix) with ESMTP id CA36337B406
	for <questions@freebsd.org>; Mon, 30 Jul 2001 08:43:40 -0700 (PDT)
	(envelope-from Yonatan@xpert.com)
Received: from mailserv.xpert.com ([199.203.132.135])
	by void.xpert.com with esmtp (Exim 3.20 #1)
	id 15RECz-0000n1-00; Mon, 30 Jul 2001 17:39:49 +0300
Received: by mailserv.xpert.com with Internet Mail Service (5.5.2650.21)
	id <PWSRQ29J>; Mon, 30 Jul 2001 18:43:15 +0300
Message-ID: <EB513E68D3F5D41191CA00025558810150D594@mailserv.xpert.com>
From: Yonatan Bokovza <Yonatan@xpert.com>
To: 'Hans Zaunere' <zaunere@yahoo.com>, questions@freebsd.org
Subject: RE: Spoof attack?
Date: Mon, 30 Jul 2001 18:43:06 +0300
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi,

> I have tcp and udp log_in_vain options enabled in my
> kernel.  I have noticed a couple odd connection
> attempts:
> 
> Connection attempt to UDP 127.0.0.1:512 from
> 127.0.0.1:1131

sendmail tries to access a local service called "comsat",
on port 512/udp.
A workaround is to comment this line in /etc/services:
biff	512/udp	comsat
There is probably something you can configure in
sendmail to fix this.
Kudos for your paranoia. Keep that up.

Best Regards, 

Yonatan Bokovza
IT Security Consultant
Xpert Systems

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message